On the internet, a certificate is needed in order to verify the identity of people or computers, and to establish secure connections to services to keep people from listening in your connection. All riseup.net services require secure connections and thus use certificates to verify the identity of the server.

For a certificate to be considered valid, it must be blessed by a private corporation who acts as a Certificate Authority. This centralized authority model has troubling social and political ramifications, especially when we rely on it for security. Some day, we hope that alternative, non-heriarchical models will replace this flawed system.

Until then, Riseup has purchased certificates from a commercial certificate authority that is recognized by your web browser, mail client, or chat client. These certificates will work seamlessly without any further action on your part.

However, some riseup.net services, like the RiseupVPN, use certificates that are blessed by our own certificate authority. This page is for people who need to download and install this Riseup Certificate Authority.

This verification process is not required in order to use the Riseup CA certificate. However, without verification, you cannot be certain you have downloaded the correct certificate, and you cannot be certain that your connections are secure.

Be warned: this verification process is difficult, requires an understanding of OpenPGP, and ultimately depends on knowing someone who has trusted riseup.net’s public OpenPGP key.